DON’T PANIC - bytes, blocks, bugs
08-18, 10:30–11:15 (Europe/Berlin), Milliways
Language: English

Love it or hate it, blockchain has become a playground for technologists. Blockchain also fuels criminal ecosystems through major hacking incidents.

In this talk, we aim to shed light on the most common bug types found in one of the main blockchain frameworks (Substrate) and provide insights and tools to find them.

Blockchain bugs present unique challenges for developers and security testers. Drawing from several hundred blockchain security issues we reported, we identified five common issue types. We discuss the potential impact of each issue type and provide practical tips for testing blockchain systems.

To promote accessibility to blockchain hacking, we release a fuzzer for Substrate-based chains. During the talk, we demo the fuzzer and showcase typical bugs, including arithmetic errors, reachable panics, and others.

Content Notes

fuzzing, blockchain, hacking, rust

Louis is a security researcher at SRLabs, focusing on blockchain security and the team's fuzzing efforts.

Gabriel is a Security Consultant at SRLabs focused on telco and blockchain security. His main interests include SIM card security and blockchain fuzzing.